CN113114632B - Pluggable intelligent financial auditing platform - Google Patents

Publication number
CN113114632B
Authority
CN
China
Prior art keywords
server
safety
service
internet
financial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110302315.1A
Other languages
Chinese (zh)
Other versions
CN113114632A (en
Inventor
刘义江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiongan New Area Power Supply Company State Grid Hebei Electric Power Co
State Grid Hebei Electric Power Co Ltd
Original Assignee
Xiongan New Area Power Supply Company State Grid Hebei Electric Power Co
State Grid Hebei Electric Power Co Ltd
Application filed by Xiongan New Area Power Supply Company State Grid Hebei Electric Power Co, State Grid Hebei Electric Power Co Ltd filed Critical Xiongan New Area Power Supply Company State Grid Hebei Electric Power Co
Priority to CN202110302315.1A priority Critical patent/CN113114632B/en
Publication of CN113114632A publication Critical patent/CN113114632A/en
Application granted granted Critical
Publication of CN113114632B publication Critical patent/CN113114632B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/12 Accounting
    • G06Q40/125 Finance or payroll
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00 Economic sectors
    • G16Y10/35 Utilities, e.g. electricity, gas or water
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00 Economic sectors
    • G16Y10/50 Finance; Insurance
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00 Systems supporting electrical power generation, transmission or distribution
    • Y04S10/50 Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Abstract

The invention belongs to the technical field of the power Internet of Things and relates to a pluggable intelligent financial auditing platform. The platform comprises a service server and a service client of a financial auditing application, and a secure interaction platform that establishes a secure channel between the service server and the service client. The service server obtains financial audit data from a secondary system and/or a tertiary system of the financial auditing application and responds over the secure channel to service requests from the service client. The service server is located in the information intranet or the information extranet of the power information network, the service client is located on the Internet, and the secure interaction platform is located at the edge of the information extranet on the side that communicates with the Internet. The technical solution can be applied to the new "end, edge and cloud" Internet of Things basic software and hardware environment, and has a lower migration cost when the financial auditing application architecture is adjusted from an intranet/extranet mode to an end, edge and cloud mode.

Description

Pluggable intelligent financial auditing platform
Technical Field
The invention belongs to the technical field of power internet of things, and particularly relates to a financial information management system spanning an information intranet and an information extranet.
Background
With the rise of the Internet of Things (IoT), the interconnection of everything extends traditional network security concerns into fields such as infrastructure, industrial development, civil services and residents' daily life. The IoT security situation in industries such as transportation, water conservancy, energy, electric power and communications is increasingly severe, and a sudden IoT security problem may affect the stability of the whole economy and society.
In recent years, IoT security incidents have been frequent worldwide, their destructive power is great, and the security situation is severe. In December 2015, about 60 substations of a Ukrainian power distribution company suffered a network attack, leaving 1.4 million residents without power. In October 2016, a DNS service provider in the United States suffered a large-scale DDoS attack from the Mirai botnet, causing network outages across most of the United States; Deutsche Telekom subsequently suffered a large-scale network outage caused by Mirai as well. In 2017, the smart meters of 900 households in Shanghai were maliciously attacked at midnight, cutting off the users' power in the middle of the night. A vulnerability in the Tesla Model S allows the vehicle to be located and personal information to be stolen. St. Jude implantable pacemakers and cardiovascular devices can be maliciously tampered with, causing the pulse generator to stop working and endangering the patient's life. The 2017 Global State of Information Security Survey published by PwC (PricewaterhouseCoopers) shows that, in its review of mainland China and Hong Kong, the average number of information security incidents detected by enterprises in mainland China and Hong Kong over the preceding 12 months was 2,577, twice the figure for the same period of the previous year and an increase of 969% compared with 2014.
Existing IoT secure access schemes have many shortcomings in the face of this increasingly severe security situation. For example, most are based on passive defenses such as blocking and detect-and-remove scanning, and lack the ability to cope with unknown security threats; distributing security policies incurs a large overhead, so the schemes cannot meet the access requirements of the massive, heterogeneous resources in the IoT or adapt dynamically to its various heterogeneous networks; and there is currently no remote trusted attestation mechanism for data sources, so identity authentication for ubiquitous IoT sensing nodes cannot meet requirements such as dynamic, anonymous and remote attestation.
In the prior art, a power company's network is divided into a physically isolated production control zone and a management information zone, and an active defense system of "zoning, secure access, dynamic perception and comprehensive protection" together with an intelligent network security defense system that is "manageable, controllable, precisely protected, visible, trusted and intelligent" has been gradually improved. In 2019, to meet the specific requirements of building a world-class energy Internet enterprise, a key point of ubiquitous power IoT construction was to expand new business applications such as photovoltaic cloud networks and the Internet of Vehicles, and to drive new value creation by connecting with society through open services and data sharing; the existing protection system, which relies mainly on isolation, cannot meet this development need at all. On the other hand, ubiquitous power IoT terminals are widely connected, platforms are open and shared, and network boundaries are blurred, so the exposed surface of the current protection system is gradually increasing, and potential customized malicious attacks place higher demands on the intrinsic security and the intelligent monitoring and perception of massive heterogeneous computing nodes. End-pipe-cloud security immunity is to be realized on the basis of intrinsic security technologies such as trusted computing, supporting trusted interconnection and secure interaction and realizing a dynamic trust evaluation system and intelligent defense. Meanwhile, with the release of the "Level Protection 2.0" series of standards and requirements, ubiquitous power IoT security protection faces the following requirements:
(1) Addressing the threat of malicious code when computing nodes are highly intelligent, widely interconnected and openly interacting. In building the ubiquitous power IoT, given the ubiquitous connection and open sharing of massive heterogeneous end, edge and cloud IoT basic software and hardware environments, traditional protection measures struggle to deal effectively with the growing security risks in these environments, cannot resist novel unknown malicious code, and cannot eliminate the vulnerability of massive heterogeneous computing environments at the level of the computing architecture. A trusted computing security protection mechanism needs to be introduced to solve these problems.
(2) Existing protection measures cannot fundamentally resolve the security risk caused by the simplification of the computing node architecture. The IoT inherits and extends the Internet, and security was not a primary consideration when the Internet was created, so the IoT has had a security immune deficiency similar to the Internet's from birth. Under the specific conditions of the IoT, this deficiency is further amplified unless the security risk is addressed at the root of the computing architecture, making IoT security problems more serious and complex.
(3) Business applications lack the support of a systematic secure and trusted framework and a dynamic trust evaluation mechanism for their running state. Some power companies have carried out power trusted computing research oriented towards servers and cloud platforms, but have not explored the end and edge domains of the ubiquitous power IoT in targeted depth. The research carried out so far does not include dynamic evaluation of the computing environment and starts only from the security of individual computing nodes rather than addressing systematic and interactive problems, so it is difficult to meet application requirements in a ubiquitous, open and interconnected new business form.
In the prior art there are many published technical solutions for the basic workflow and corresponding operation interface modules of financial auditing systems; however, these solutions are difficult to apply directly to the new "end, edge and cloud" IoT basic software and hardware environment.
Disclosure of Invention
To solve the problem of financial auditing in the ubiquitous power IoT, the invention aims to provide a financial auditing system built on trusted computing for ubiquitous power IoT basic software and hardware. The system suits a hub-type, platform-type and sharing-type modern power enterprise and adapts efficiently to ubiquitous power IoT services by means of a ubiquitous power IoT trusted computing application framework, a dynamic trust evaluation system, trusted computing technology for end, edge and cloud basic software and hardware, and an application mechanism for that technology in ubiquitous power IoT services. In other words, it is a financial auditing system that includes a core security protection component oriented to IoT computing nodes and based on trusted computing technology.
The invention provides a pluggable intelligent financial auditing platform comprising a service server and a service client of a financial auditing application, and a secure interaction platform that establishes a secure channel between the service server and the service client. The service server obtains financial audit data from a secondary system and/or a tertiary system of the financial auditing application and responds over the secure channel to service requests from the service client. The service server is located in the information intranet or the information extranet of the power information network, the service client is located on the Internet, and the secure interaction platform is located at the edge of the information extranet on the side that communicates with the Internet.
In each embodiment of the invention, the financial auditing application is a business application service based on financial audit data and a pre-configured financial auditing workflow, and its software architecture is implemented in server-client (S/C) mode. The financial audit data is derived from configuration, operation and storage data in the financial auditing application, as the primary system, and in other secondary and/or tertiary systems in the power information network. The secure interaction platform implements dynamic access control based on service scenarios and covers technical solutions in at least three aspects. First, a service-scenario-adaptive ubiquitous power IoT security framework: a network security protection framework for the low-trust environment of the edge-side access network, designed after analyzing the network security of low-trust service scenarios in the ubiquitous power IoT edge-side access network, summarizing the key elements that affect ubiquitous power IoT service security, and analyzing service scenario elements and dynamic access control technologies. Second, a technique for measuring the security trust degree of terminal devices in the edge-side low-trust environment: a measurement method designed by studying how to determine the attribution state of a terminal device from multiple factors, such as the terminal device identifier, the business asset ledger and basic configuration information, in combination with ubiquitous power IoT terminal device identification, state detection and analysis techniques. Third, a technique for intelligent user identity recognition through multidimensional data fusion and dynamic control of authorization policies: once a scheme for intelligent user identity recognition and dynamic control of access authorization policies based on short-lived tokens and service access state has been completed, a prototype ubiquitous power IoT service access agent is designed to support short-lived token signaling, intelligent user identity recognition and adaptive adjustment of access authorization. In the invention, the secure interaction platform may be any system, implemented with existing technology, that can establish dynamic access control between a server and a client based on service scenarios, that is, a pluggable business application interaction system. By way of example, several implementations of the secure interaction platform are given in the descriptions of some embodiments of the invention.
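As an added illustration (not code from the patent), the sketch below shows one way a gateway could combine the three elements this paragraph names: a multi-factor terminal trust score, a short-lived token, and a per-scenario authorization threshold checked on every request. The weights, thresholds, 60-second lifetime, HMAC token format and all identifiers are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# All names and values below are assumptions made for this example.
GATEWAY_KEY = b"constructed-demo-key"   # secret held only by the gateway
TOKEN_TTL = 60                          # seconds a short-lived token stays valid

# Assumed weights (sum to 100) for the three factors the text names.
WEIGHTS = {"device_id": 40, "asset_ledger": 30, "baseline_config": 30}

# Assumed minimum trust per service scenario; unknown scenarios are denied.
SCENARIO_MIN_TRUST = {"view_report": 50, "submit_audit": 70, "approve_payment": 90}


@dataclass
class Terminal:
    device_id: str
    id_verified: bool       # device identifier checked against its credential
    in_asset_ledger: bool   # device is registered in the business asset ledger
    config_matches: bool    # basic configuration matches the recorded baseline


def trust_score(t: Terminal) -> int:
    """Multi-factor trust degree of a terminal, 0..100."""
    checks = {
        "device_id": t.id_verified,
        "asset_ledger": t.in_asset_ledger,
        "baseline_config": t.config_matches,
    }
    return sum(WEIGHTS[name] for name, ok in checks.items() if ok)


def _sign(payload: str) -> str:
    return hmac.new(GATEWAY_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, device_id: str, now: int) -> str:
    """Issue a token bound to one user and one device, valid for TOKEN_TTL."""
    if "|" in user or "|" in device_id:
        raise ValueError("'|' is the field separator and may not appear in ids")
    payload = f"{user}|{device_id}|{now + TOKEN_TTL}"
    return f"{payload}|{_sign(payload)}"


def verify_token(token: str, device_id: str, now: int) -> Optional[str]:
    """Return the user name if the token is authentic, unexpired and bound
    to the presenting device; otherwise None."""
    parts = token.split("|")
    if len(parts) != 4:
        return None
    user, bound_device, expires, sig = parts
    expected = _sign(f"{user}|{bound_device}|{expires}")
    # Constant-time comparison on bytes, so odd input cannot raise.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    # The signature is valid, so `expires` is an integer the gateway wrote.
    if now >= int(expires) or bound_device != device_id:
        return None
    return user


def authorize(token: str, terminal: Terminal, scenario: str,
              now: int) -> Tuple[bool, str]:
    """Per-request decision: token check, then the scenario threshold against
    the terminal's current trust score, so a drop in trust takes effect
    mid-session even while the token is still valid."""
    if verify_token(token, terminal.device_id, now) is None:
        return False, "token invalid, expired or bound to another device"
    minimum = SCENARIO_MIN_TRUST.get(scenario)
    if minimum is None:
        return False, "unknown scenario"          # default deny
    score = trust_score(terminal)
    if score < minimum:
        return False, f"trust {score} below {minimum} required for {scenario}"
    return True, "allowed"


if __name__ == "__main__":
    pc = Terminal("dev-001", True, True, True)     # constructed sample terminal
    tok = issue_token("auditor1", pc.device_id, now=1000)
    print(authorize(tok, pc, "approve_payment", now=1010))
    pc.config_matches = False                      # configuration drift detected
    print(authorize(tok, pc, "approve_payment", now=1010))
    print(authorize(tok, pc, "submit_audit", now=1010))
    print(authorize(tok, pc, "submit_audit", now=1060))   # token has expired
```

Because the trust score is recomputed on each request, the same unexpired token stops authorizing the high-risk scenario as soon as the terminal's configuration drifts from its baseline.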
In some embodiments, the secure interaction platform includes a secure interaction gateway and a secure interaction client that runs in virtualized form on the service client. Using virtualization, a virtual secure interaction client is built, independently of the service client's operating system and hardware, from a development kit and a browser plug-in customized for the hardware and for distributed computing, and the secure interaction client establishes a strongly encrypted session connection with the service server. This scheme also serves as a compatible upgrade path for the existing mode: during the upgrade transition period only the hardware of the original user terminal needs to change, for example by adding an encryption chip, while the software architecture of the business application does not. As the computing power of edge devices improves, distributed virtualization means that edge devices such as meters need no additional software upgrade unless the business logic of the business application is modified. It is easy to see that in this type of scheme the secure interaction platform has a part that spills over into the Internet, but the scheme is better suited to a transition towards a higher-security network.
In other embodiments, the secure interaction platform is implemented by a boundary secure access network, which is located at the edge of the information extranet on the side that communicates with the Internet and essentially belongs to the information extranet. The first side of the boundary secure access network communicates with the information intranet through a data security exchange system, and the second side communicates with the Internet through a secure interaction gateway. The secure interaction platform comprises the secure interaction gateway together with an identity authentication server, a centralized supervision server and a virtualization server located on the boundary secure access network, and the service server of the financial auditing application runs on a virtualization server of the secure interaction platform. In this scheme the secure interaction platform sits mainly on the information extranet side; reliability is further improved because the secure interaction gateway works together with the identity authentication server and the centralized supervision server, while the virtualization server provides service responses for the business application, which better suits the strong information security requirements of the ubiquitous power IoT.
An improvement of the above technical solution is that real service data of the virtualization server of the secure interaction platform is exchanged only between devices of the information intranet.
Another improvement of the above technical solution is that the service client sends peripheral operation data only to the service server, and the service server sends multimedia response data only to the service client.
Another improvement of the above technical solution is that the server of the secondary system and/or the tertiary system of the financial auditing application is provided in a virtualization server of the secure interaction platform.
Another improvement of the above technical solution is that the financial auditing data is accessed between the financial auditing application and its secondary or tertiary system through a database proxy isolation device.
Another improvement of the above technical solution is that the service server is provided in the information extranet.
Another improvement of the above technical solution is that the server and the client of the secondary system and/or the tertiary system also communicate with each other through the secure interaction platform.
The technical scheme is further improved in that the client of the secondary system and/or the tertiary system of the financial auditing application comprises an edge computing device arranged on the internet.
Through a service-scenario-adaptive ubiquitous power IoT security framework, the technical solution provides a financial auditing application architecture under a network security protection framework for the low-trust environment of the edge-side access network. It constructs a service environment in which device security is trusted, environment security is known and security threats are recognizable, integrates intelligent user identity recognition and dynamic authorization policy control, and builds an end-to-end security protection system for the ubiquitous power IoT, meeting its technical requirements in areas such as zero trust, trusted computing, device identification, state detection, trust models, intelligent user identity recognition and dynamic access control.
Drawings
FIG. 1 is a schematic diagram of a system architecture of a financial auditing platform in the prior art;
FIG. 2 is a schematic diagram of a system architecture of a pluggable intelligent financial auditing platform according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart illustrating a service session between a service client and a service server in a pluggable intelligent financial auditing platform via a virtual private channel according to an embodiment of the present invention;
FIG. 4 is a schematic network level diagram of a secure interaction platform of the pluggable intelligent financial auditing platform according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a system architecture of a pluggable intelligent financial auditing platform according to another embodiment of the present invention;
FIG. 6 is a schematic diagram of a deployment structure of a three-level system of the pluggable intelligent financial auditing platform according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a deployment structure of an integrated office system of the pluggable intelligent financial auditing platform according to an embodiment of the present invention;
FIG. 8 is a schematic diagram illustrating a deployment structure of a power consumption information collection system of the pluggable intelligent financial auditing platform according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of a system architecture of a pluggable intelligent financial auditing platform according to another embodiment of the present invention;
FIG. 10 is a schematic diagram of a system architecture of a pluggable intelligent financial auditing platform according to another embodiment of the present invention.
Detailed Description
It should be noted that, in the prior art, the financial auditing application in a power company's financial auditing platform is the business application system most widely connected to the other business applications in the power information network. It is deployed as a primary system on the information intranet side and exchanges financial audit data with the business application systems in its secondary and tertiary systems to manage the financial auditing workflow according to configured rules. For example, as shown in FIG. 1, in the existing financial auditing platform structure a secondary system, comprising business applications such as a production management system and a collaborative office system, and a tertiary system, comprising business applications such as a financial management system and a sales management system, run on the information intranet side. Each business application on the intranet side serves intranet users through intranet terminals such as intranet mobile terminals and wireless meter-reading terminals. If a business application on the intranet side needs to exchange data with the information extranet, it communicates securely with the extranet part through its own independent secure communication mode provided by a security gateway, and extranet users can access and/or operate the data of each business application running in the extranet part through extranet terminals.
It is easy to see that the existing mode has clearly defined access terminals, namely intranet terminals and extranet terminals. The two kinds of device are strictly separated in use, and their underlying software and hardware configuration prevents them from being used interchangeably.
In the existing technical solutions of various financial auditing platforms, there are obvious defects in at least three aspects of an access terminal (i.e., an intranet terminal and an extranet terminal in fig. 1), data transmission (including a transmission link between the access terminal and an application server and between application servers across security gateways), and an application system (i.e., business applications in various deployment modes in fig. 1), and thus the existing technical solutions cannot be applied to structural deployment based on ubiquitous power internet of things.
Access terminals: mobile terminals such as PDAs and mobile phones suffer from forgeable IMSI codes and scrambling codes, a lack of unified rules for software installation and use, stored data that becomes a security hazard if the device is lost, no guarantee of the terminal's own security, and imperfect authorization and authentication mechanisms. For smart terminals such as wireless meters, most data stored in the meter is not encrypted, and where a meter does have an encryption function the algorithm is weak. PC terminals running full operating systems such as Linux and Windows carry the risk of "one machine, two networks" (connected to the intranet and the extranet at the same time), insufficiently granular authentication and access control, and sensitive data stored unencrypted; they are also prone to security risks such as virus and trojan attacks.
Transmission channels: dedicated-line mode generally uses a dedicated optical fiber as the physical line with encrypted data transmission; it is more secure, but it is costly to lay, poorly utilized, and offers poor network reliability for the same cost. Data sent over GPRS/CDMA/APN dedicated-line mode, GPRS wireless mode and other wireless modes is subject to tampering and transmission errors; most of it is sent in plaintext and is easily eavesdropped on, tampered with or corrupted, and some of the encryption algorithms used are weak. In Internet mode, data is transmitted in plaintext and is easily eavesdropped on, tampered with or corrupted.
Application systems: in terms of protection measures, some application systems on the information extranet are protected by a firewall and remain at risk of penetration attacks; their user identity authentication mechanisms are imperfect, and once a user is impersonated the system is under threat. In terms of access control, users' access rights and access times (especially for remote maintenance) are not effectively controlled, nor is user concurrency, so there is a risk of DoS.
Therefore, in the existing approach, the financial auditing application must be accessed from a terminal deployed in the information intranet in order to achieve information security.
The concept of the invention is to deploy the secure interaction platform at the boundary of the information extranet in the power information network, that is, between the information extranet and the Internet, so that the architecture of the financial auditing application is redeployed to fit the "end, edge and cloud" network structure of the power IoT. The secure interaction platform is a unified set of security protection equipment for the boundary between the information extranet and the Internet. It provides a dedicated secure transmission channel for the company's internal data exchange over the Internet and for public-facing interactive services with high security requirements, and applies a high-strength cryptographic algorithm to ensure the confidentiality and integrity of the transmitted data. In one embodiment shown in FIG. 2, the secure interaction platform authenticates the identity information of external access nodes, and also encrypts and applies access control to communications between external access nodes and the enterprise's internal nodes, securing the power information network business systems at the node layer and the network layer. The secure interaction platform mainly comprises a secure interaction gateway (hereinafter, the interaction gateway) and a secure interaction client (hereinafter, the interaction client), which cooperate to provide the security functions. The interaction client is a virtual machine implemented by terminal-side interaction software on the service client's hardware platform. For example, in the embodiment of FIG. 3, a service server running the financial auditing application is located in the information intranet or the information extranet, and a service client accessing the service is located on the Internet. When the client accesses the service, communication takes place over a virtual private channel provided by the secure interaction platform: a secure channel between the service client and the service server is established through an identity authentication mechanism, a bidirectional communication link is then set up over the secure channel, and over that link the service server responds to the service client's service requests.
Based on the above description, those skilled in the art can implement the secure interaction platform of the present invention in many ways, and as shown in fig. 4, in one embodiment of the present invention, the secure interaction platform is implemented between an application layer and an infrastructure layer. Exemplarily, in the present embodiment, the configuration of the secure interaction platform at each level is as follows:
In the access layer, the deployment nodes include the secure interaction platform server device (DU01), plus an iOS embedded browser agent (DU02) and an Android embedded browser agent (DU03).
In the presentation layer, communication with the service logic layer is implemented through sockets. iOS/Android SDK/WebView: implements the encrypted communication function for the mobile client to call. Browser plug-in: encrypts and transports the network traffic generated by browser access.
At the control layer, no functional implementation is involved.
At the application layer, the functions in the system application architecture are as follows. Mobile SDK embedded browser proxy: after the WebView control of a mobile access client, or of another type of power service mobile client, is integrated with the secure interaction platform's mobile SDK, accessing a service system through the WebView calls the interface of the browser agent embedded in the mobile SDK to interact with the secure interaction platform, providing secure interaction functions such as identity authentication and encrypted communication. According to the mobile terminal operating system, it is divided into two secondary modules: an iOS embedded browser agent and an Android embedded browser agent. The sub-items are as follows:
(1) iOS embedded browser agent: the iOS mobile APP steers data to the corresponding SDK listening port by rewriting the access URL. Secure transmission for the iOS embedded browser is, in outline, as follows: the idea for obtaining WebView data is similar to that for obtaining data after the SDK sends an application connection request; the local dynamic listening port is looked up by service address and port, and the data is then obtained through that local listening port. In iOS 6, the class that initiates a data request is NSURLRequest, which encapsulates an NSURL (request address) object. Through the interface provided by the SDK, the service server host and port in the NSURL are changed to the local loopback address and the dynamic listening port. Versions above iOS 6 support the iOS 6 method of making data requests with NSURLRequest. Wherever the WebView uses an NSURLRequest, the interface must be called to modify the NSURL before the request is made.
(2) Android embedded browser agent: the Android mobile APP steers data to the corresponding SDK listening port by setting an HTTP proxy. Secure transmission for the Android embedded browser follows the iOS configuration in outline; the difference is that Android can start a separate WebView local proxy thread, apart from the App main thread, so that the exchange executes asynchronously.
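The host-and-port rewrite described for the embedded browser agents, sketched in Python as an added example (it is not code from the patent or from any SDK). The class name, the host name and the port numbers are constructed for illustration; the point it adds is that a URL with no registered listener is refused rather than sent directly.

```python
from urllib.parse import urlsplit, urlunsplit

LOOPBACK = "127.0.0.1"
DEFAULT_PORTS = {"http": 80, "https": 443}


class UnmappedService(Exception):
    """The URL targets a service that has no local SDK listening port."""


class LoopbackRewriter:
    """Looks up the local dynamic listening port by service address and port."""

    def __init__(self, listeners):
        # listeners: {(service_host, service_port): local_listening_port}
        self._listeners = {(host.lower(), port): local
                           for (host, port), local in listeners.items()}

    def lookup(self, url):
        parts = urlsplit(url)
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            raise UnmappedService(f"unsupported URL: {url!r}")
        # A URL without an explicit port still names one through its scheme.
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        local = self._listeners.get((parts.hostname, port))
        if local is None:
            # Fail closed: an unmapped service must not fall through to a
            # direct connection that bypasses the encrypted channel.
            raise UnmappedService(f"no listener for {parts.hostname}:{port}")
        return parts, local

    def rewrite(self, url):
        parts, local = self.lookup(url)
        # Only host and port change; scheme, path, query and fragment are
        # kept. Any user:password@ part of the original URL is dropped.
        return urlunsplit((parts.scheme, f"{LOOPBACK}:{local}",
                           parts.path, parts.query, parts.fragment))


# Constructed sample table: two services behind the gateway.
SAMPLE_LISTENERS = {
    ("audit.example.internal", 8443): 50123,
    ("audit.example.internal", 443): 50124,
}

if __name__ == "__main__":
    rewriter = LoopbackRewriter(SAMPLE_LISTENERS)
    print(rewriter.rewrite("https://audit.example.internal:8443/vouchers?id=7"))
```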
At the basic service layer: the network communication scheduling module is implemented on a concurrent event processing framework, and the algorithm library and certificate processing are implemented on cryptographic algorithm components. Communication with the system and driver layer takes place through a function call mechanism and standard operating system interfaces. This layer performs functions such as channel confidentiality protection, channel integrity protection, non-repudiation/credibility protection, access control and filtering, and log audit and alarm.
In the data layer, the management user of the secure interaction platform sets gateway-related parameters through a gateway configuration interface, formulates access policies for services, and performs auditing through log information. Platform users, including PC client users, PC browser users, and iOS and Android mobile intelligent terminal users, obtain the relevant extranet resources by obtaining an access control list, and logging is performed throughout the process.
At the infrastructure layer: the hardware level of the infrastructure adopts a customized industrial server and a PCI-E cryptographic algorithm card; the system and driver layer of the infrastructure adopts the conges Linux secure operating system and implements the dedicated cryptographic hardware driver through the Linux kernel module mechanism.
Referring to fig. 5 to 8, in an embodiment of the pluggable intelligent financial auditing platform, the security interaction platform is implemented by a border security access network, which is provided at an edge of a communication side of an information extranet and the internet and basically belongs to the information extranet; the first side of the boundary security access network is communicated with the information intranet through a data security exchange system, and the second side of the boundary security access network is communicated with the internet through a security interaction gateway; the safety interaction platform comprises a safety interaction gateway, an identity authentication server, a centralized supervision server and a virtualization server, wherein the identity authentication server, the centralized supervision server and the virtualization server are arranged in a boundary safety access network; and the business server side of the financial auditing application is arranged on a virtualization server of the safety interaction platform.
Exemplarily, this embodiment includes a three-level system, whose structure is shown schematically in fig. 6. The three-level system may be a meter reading module of the marketing management system, which ensures the uniqueness and non-tamperability of information through encrypted communication between a dedicated encryption module and the access platform, performs terminal validity authentication through a digital certificate, and ensures secure network access for wireless meters and acquisition terminals by using a secure SIM/UIM card. The front application server of the boundary security access network establishes a virtualization server for the server side of the three-level system of the financial auditing application. Financial auditing data is accessed between the financial auditing application and the three-level system through a database agent isolation device. In some specific applications, the servers of the information extranet are gradually segmented by function and moved step by step into the boundary security access network, and finally the isolation of internal and external networks is replaced by a security framework of zero-trust identity authentication. Obviously, to achieve a higher security level, in this embodiment the servers and clients of the other secondary systems and/or tertiary systems of the financial auditing application also carry out business processing by communicating through the secure interaction platform shown in fig. 6. Illustratively, the meter, as a client of the three-level system, is upgraded to an edge computing device placed in the Internet, and is connected to the private network through the switch of the edge node. Figs. 7 and 8 are schematic diagrams of the network topologies of some specific two-level and three-level systems, respectively.
It is easily understood that the communication between server and client that the three-level system of this embodiment establishes between the boundary security access network and the Internet is based on a zero-trust security architecture, which is essentially a shift of the access control paradigm from traditional network-centric to identity-centric access control. This shift is necessary because the boundaries of the enterprise are collapsing and it is no longer possible to distinguish internal from external networks, such as the information extranet and information intranet in the conventional power information network. The enterprise network is therefore built according to Internet security thinking. In one implementation, the zero trust security architecture consists of three major subsystems: an authentication mechanism based on device and user, a trust-based access control model, and identity identification based on multiple elements. Specifically:
(1) Authentication mechanism based on device and user
Device authentication is a key practice of zero trust security. In a zero trust architecture, a terminal device has four states: uncontrolled terminal, controlled terminal, trusted terminal and untrusted terminal. The state transitions of a device are driven by three key actions: device initialization and registration, device authentication, and continuous device evaluation.
1) By default, every terminal device is marked as an uncontrolled terminal, which has no authority; it becomes a controlled terminal once device registration is completed.
2) A controlled terminal must pass device authentication in order to become a trusted terminal. Only a trusted terminal can proceed to user authentication and service access. The technical means of device authentication include device certificates, device fingerprints, device hardware binding and the like.
3) In addition, the continued trustworthiness of trusted devices must be ensured through continuous terminal risk monitoring and evaluation. If the evaluation finds that the device risk is too high, the trusted terminal is degraded to an untrusted terminal and its access authority is revoked.
After device authentication is passed, user authentication is required. User authentication likewise comprises three key actions: initial authentication, continuous authentication and secondary authentication.
In the logic of zero trust security, performing only a one-time initial authentication of the user is considered insecure: even if multiple authentication factors are used, the security of the user identity during service access cannot be guaranteed. Continuous authentication is therefore needed, continuously evaluating the validity of the user identity through analysis of user service traffic and user operation behavior. When a security risk is found, the user must be prompted to perform secondary authentication.
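The four device states and the three user authentication actions above, written as one state machine in Python. This is an added example, not code from the patent; the risk thresholds, the 0.0 to 1.0 risk scale and the choice to give an untrusted terminal no way back are assumptions, since the text specifies none of them.

```python
from enum import Enum


class Device(Enum):
    UNCONTROLLED = "uncontrolled"
    CONTROLLED = "controlled"
    TRUSTED = "trusted"
    UNTRUSTED = "untrusted"


class Session(Enum):
    NONE = "none"
    ACTIVE = "active"
    STEP_UP = "secondary authentication required"


# Assumed thresholds on a 0.0-1.0 risk scale; the page gives no numbers.
DEVICE_RISK_LIMIT = 0.7
USER_RISK_LIMIT = 0.5


class TransitionError(Exception):
    """An action was attempted from a state that does not allow it."""


class Terminal:
    def __init__(self, device_id):
        self.device_id = device_id
        self.device = Device.UNCONTROLLED  # default state, no authority
        self.session = Session.NONE

    def _need(self, state, action):
        if self.device is not state:
            raise TransitionError(
                f"{action} not allowed while device is {self.device.value}")

    # Device actions: registration, authentication, continuous evaluation.
    def register(self):
        self._need(Device.UNCONTROLLED, "registration")
        self.device = Device.CONTROLLED

    def authenticate_device(self, proof_ok):
        # proof_ok stands for a verified certificate, fingerprint or binding.
        self._need(Device.CONTROLLED, "device authentication")
        if proof_ok:
            self.device = Device.TRUSTED
        return self.device

    def evaluate_device(self, risk):
        if self.device is Device.TRUSTED and risk > DEVICE_RISK_LIMIT:
            self.device = Device.UNTRUSTED  # degrade ...
            self.session = Session.NONE     # ... and revoke access
        return self.device

    # User actions: initial, continuous and secondary authentication.
    def initial_auth(self, factors_ok):
        self._need(Device.TRUSTED, "user authentication")
        self.session = Session.ACTIVE if factors_ok else Session.NONE
        return self.session

    def continuous_auth(self, behaviour_risk):
        if self.session is Session.ACTIVE and behaviour_risk > USER_RISK_LIMIT:
            self.session = Session.STEP_UP
        return self.session

    def secondary_auth(self, factor_ok):
        self._need(Device.TRUSTED, "secondary authentication")
        if self.session is not Session.STEP_UP:
            raise TransitionError("no secondary authentication pending")
        self.session = Session.ACTIVE if factor_ok else Session.NONE
        return self.session

    def may_access(self):
        return self.device is Device.TRUSTED and self.session is Session.ACTIVE


def walk_through():
    """Drive one constructed terminal through its lifecycle."""
    t = Terminal("laptop-01")
    trace = []
    t.register()
    t.authenticate_device(True)
    t.initial_auth(True)
    trace.append(("after initial authentication", t.may_access()))
    t.continuous_auth(0.8)   # constructed behaviour risk score
    trace.append(("after risky behaviour", t.may_access()))
    t.secondary_auth(True)
    trace.append(("after secondary authentication", t.may_access()))
    t.evaluate_device(0.9)   # constructed device risk score
    trace.append(("after device degraded", t.may_access()))
    return trace


if __name__ == "__main__":
    for step, allowed in walk_through():
        print(f"{step}: access {'allowed' if allowed else 'denied'}")
```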
(2) Trust-based access control model
The essence of zero trust security is trust-based access control; in practice, the balance among adaptability, manageability and extensibility of the authorization policy must be fully considered. A combination of the role-based access control model (RBAC) and the attribute-based access control model (ABAC) is proposed:
1) Coarse-grained authorization is realized through RBAC, establishing an authority baseline that satisfies the principle of least privilege;
2) Dynamic mapping of roles based on subject, object and environment attributes is realized through the ABAC model, meeting flexible management requirements;
3) Roles and permissions are filtered through risk assessment and analysis, realizing dynamic authorization that is aware of scenario and risk.
To enforce authentication and authorization for all service access, a trusted access gateway is required. The trusted access gateway takes over all service access requests and works with the intelligent identity platform to carry out authentication and authorization. In addition, as the access proxy for services, the trusted access gateway can provide a uniform transport encryption mechanism and full-traffic log export capability. The trusted access gateway is therefore both a policy enforcement point and a traffic encryption gateway.
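One way the three steps above can be chained at a policy enforcement point, as an added Python example rather than code from the patent. The roles, permissions, attribute names, maintenance window and risk ceilings are all constructed, and treating statically assigned roles as the RBAC baseline that ABAC then activates per request is one interpretation of "dynamic mapping of roles".

```python
# Step 1, RBAC baseline: least-privilege permission set per role.
ROLE_PERMISSIONS = {
    "auditor": {"voucher:read", "report:read"},
    "audit_lead": {"voucher:read", "report:read", "report:approve"},
    "maintainer": {"system:configure"},
}

MAINTENANCE_WINDOW = (1, 5)  # assumed remote-maintenance hours, 01:00-05:00

# Step 2, ABAC: an assigned role is active for a request only if its rule
# holds on the subject (s), object (o) and environment (e) attributes.
ROLE_RULES = {
    "auditor": lambda s, o, e: (s["dept"] == "finance"
                                and o["unit"] in s["audit_scope"]),
    "audit_lead": lambda s, o, e: (s["dept"] == "finance" and s["grade"] >= 3
                                   and o["unit"] in s["audit_scope"]),
    "maintainer": lambda s, o, e: (
        s["dept"] == "it"
        and MAINTENANCE_WINDOW[0] <= e["hour"] < MAINTENANCE_WINDOW[1]),
}

# Step 3, risk filter: highest risk score (0.0-1.0) at which a role or a
# permission stays usable. Sensitive permissions get lower ceilings.
ROLE_RISK_CEILING = {"auditor": 0.6, "audit_lead": 0.6, "maintainer": 0.3}
PERMISSION_RISK_CEILING = {
    "voucher:read": 0.6, "report:read": 0.6,
    "report:approve": 0.3, "system:configure": 0.2,
}


def authorize(subject, obj, env, permission, risk):
    """Return (allowed, reason) for one access request."""
    # Only a trusted terminal may reach user-level authorization at all.
    if env["device"] != "trusted":
        return False, "device not trusted"

    baseline = set().union(*(ROLE_PERMISSIONS[r] for r in subject["roles"]))
    if permission not in baseline:
        return False, "outside RBAC baseline"

    active = {r for r in subject["roles"] if ROLE_RULES[r](subject, obj, env)}
    granting = {r for r in active if permission in ROLE_PERMISSIONS[r]}
    if not granting:
        return False, "no role active for these attributes"

    usable = {r for r in granting if risk <= ROLE_RISK_CEILING[r]}
    if not usable or risk > PERMISSION_RISK_CEILING[permission]:
        return False, "risk too high"
    return True, "granted via " + ",".join(sorted(usable))


# Constructed sample subjects, object and environment.
LEAD = {"roles": ["auditor", "audit_lead"], "dept": "finance",
        "grade": 3, "audit_scope": {"unit-a"}}
MAINTAINER = {"roles": ["maintainer"], "dept": "it",
              "grade": 1, "audit_scope": set()}
UNIT_A = {"unit": "unit-a"}
DAYTIME = {"device": "trusted", "hour": 10}

if __name__ == "__main__":
    for perm, risk in [("report:approve", 0.1), ("report:approve", 0.4),
                       ("report:read", 0.4), ("system:configure", 0.0)]:
        print(perm, risk, authorize(LEAD, UNIT_A, DAYTIME, perm, risk))
```

The same subject and permission give different answers as the risk score moves, which is the behaviour step 3 asks for; the reason string is what the gateway would write to its full-traffic log.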
Trust typically includes identity-based trust (Identity Trust) and behavior-based trust (Behavior Trust). Identity-based trust employs a static authentication mechanism (Static Authentication Mechanism) to decide whether or not to authorize an entity. Common techniques include encryption (Encryption), data hiding (Data Hiding), digital signatures (Digital Signatures), authentication protocols (Authentication Protocols), and access control policies. Behavior-based trust judges the credibility of an entity dynamically from its behavior history and its current behavior characteristics. In a closed or small system, trust establishment between nodes can also be static, since the nodes are fixed or few in number. In a pervasive computing environment, however, openness, distribution, sharing and dynamics are all greatly increased, so trust between nodes cannot be established in a static way alone, and the characteristics of pervasive computing itself must be fully considered.
To further illustrate the trust relationship, the definition of trust needs to be clarified. Because trust is intangible, it is difficult to define strictly and accurately, and not everyone understands the term "trust" in exactly the same way. Many scholars have defined trust, but there is basically no widely accepted standard. The invention refers to the definition of the term "trust" given in the ITU-T Recommendation X.509 specification: when entity A assumes that entity B will act exactly as A expects, A trusts B. In the trust model, therefore, trust is defined as an evaluation of the credibility of an entity's behavior; trust is related to the reliability, integrity and performance of the entity; trust is a subjective concept that depends on experience; the degree of trust is expressed by a trust level, and the trust level changes dynamically with the entity's behavior. From this definition it can be seen that trust involves assumptions, expectations and behavior, which means that trust is difficult to quantify and measure, that trust is linked to risk, and that the establishment of trust relationships cannot always be fully automated. To realize behavior evaluation in a ubiquitous computing system, however, a quantitative representation of trust must be given.
The trust degree is a quantitative representation of the degree of trust, used to measure how much trust there is. The trust degree may be measured by combining direct trust with recommendation trust, the latter also known as reputation (Reputation). Direct trust comes from direct contact with other entities, while reputation is spread by word of mouth. Over time, the trust degree of users and applications may change; when an originally trusted user or application becomes untrusted, the pervasive computing system administrator and the pervasive computing resource manager should discover this in time, otherwise the pervasive computing system may suffer significant damage. The ubiquitous computing system therefore needs to introduce a trust model for initializing the trust relationships between entities and for determining the trust degree of entities and its trend of change.
(3) Identity identification based on multiple elements
In a zero trust security architecture, intelligent identity analysis provides intelligent support for adaptive access control and identity governance.
1) By collecting attributes related to various devices, users and environments and log information of service access, the intelligent identity analysis engine can evaluate the risk score of the current access request in real time and take the risk score as a key judgment factor of access control.
2) The intelligent identity analysis is also the key capability of identity management, and through models such as peer group analysis and permission compliance analysis, permission strategies are continuously optimized and risk assessment is carried out, and a workflow engine is triggered to adjust the strategies, so that intelligent closed-loop management of identity and permission is formed.
The intelligent identity platform, the core control plane of the zero trust security architecture, needs to be built on modern identity management technology. Compared with traditional identity management, a modern identity management platform has the advantages of agility, security and intelligence:
1) Based on an agile identity life cycle management mechanism, it satisfies the enterprise's management of different identities such as internal identities, external identities and clients;
2) Based on intelligent identity analysis and dynamic access control technology, it has the capability to protect against unknown risks;
3) It is built on modern technologies such as cloud computing and microservices, meeting the flexible deployment requirements of modern enterprises; applying these new architectures greatly improves customers' deployment efficiency and reduces the cost of going live.
To realize the transition to the new network structure in the ubiquitous power Internet of Things, in other embodiments the pluggable platform can be realized in different ways. In these pluggable intelligent financial auditing platforms, a boundary security access network is arranged at the edge of the side of the information extranet that communicates with the Internet; the first side of the boundary security access network communicates with the information intranet through a data security exchange system, and the second side communicates with the Internet through a secure interaction gateway; in deployment, the boundary security access network gradually and completely covers the original information extranet and finally replaces it. The secure interaction platform comprises the secure interaction gateway together with an identity authentication server, a centralized supervision server and a virtualization server arranged in the boundary security access network; and the business server side of the financial auditing application is arranged on a virtualization server of the secure interaction platform.
The difference, as shown in figs. 9 and 10, is that the service server of the financial auditing application is located entirely in the information intranet. The service client sends only peripheral operation data, such as RDP (remote desktop operation process) operation data, for example mouse movement signals and keyboard input signals, to the service server, and only through the secure network platform of the boundary security access network. The service server is established in virtualized form on a server of the intranet. The RDP communication link still uses an identity-based encrypted channel, and the service server sends only multimedia response data, such as mouse action echo, screen refresh and keyboard operation echo, to the service client; no real data is transmitted over the communication link, whether encrypted or not. Compared with RDP operation in the existing power information network, RDP based on the secure interaction platform adds hardware-based identity recognition and applies strict authority control; all data never leaves the information intranet and is exchanged only within it, so smooth remote access to service applications under ultra-low bandwidth is more easily achieved. In this embodiment, some or all of the primary, secondary or tertiary systems of the financial auditing application may adopt the RDP-based secure interaction of this embodiment, with data exchange carried out in the information intranet and all services migrated on virtual servers; the processing flow of the service application software need not be modified again for the technical facilities, and a smooth transition is easily achieved.
It is easy to understand that the embodiments of the present invention deploy the pluggable intelligent financial auditing platform in combination with the secure interaction platform. A pluggable intelligent financial auditing platform deployed according to the disclosed technical scheme uses a secure interaction platform based on dynamic trust authorization driven by terminal user behavior and environmental attributes, which addresses the difficulty that a traditional authority management architecture has in tracking authority changes against the user's behavior state. Some embodiments collect and analyze terminal user behavior and environmental attributes such as physical location, extract context information (including identity, network behavior, behavior characteristics, etc.) about the terminal (such as the service end of the present invention), the user and the service involved in the interaction, and combine it with the terminal's environmental attributes to generate a trust level for the current state. That trust level is used to implement hierarchical control over the service applications and data upstream of the sensing-layer devices and access control downstream of the sensing-layer devices, realizing dynamic trust evaluation, real-time authority tracking and dynamic change management, so that high-level, multi-data-level financial auditing business applications can be transferred from the original electric power information network to the new network structure.
In the above embodiments, the clients of the systems at all levels, including the service client, may optionally take different modified forms, including but not limited to modification, hardening and customization of the operating system bottom layer (Windows Mobile/Windows XP, etc.), a secure communication module (encrypted communication and connection), and an encryption card (USB key/TF encryption card). For example, a mobile notebook terminal adopts secure USB key encryption card hardware (containing a digital certificate), a secure communication module, a security check module and a host behavior control system; in a safety production application, for instance, only the standardized operation of online data synchronization can be carried out, and no other operation is possible. Mobile terminals such as PDAs and smartphones adopt secure TF card hardware (containing a digital certificate), a security check module, a secure communication module and a secure SIM/UIM card bound to a dedicated APN; the terminal undergoes hardware feature checks and security health checks, and the digital certificate is used for strong identity authentication, blocking access by illegal mobile terminals. Wireless meters and acquisition terminals embed a hardware encryption chip and a secure communication module, bind a specific APN and digital certificate using a secure SIM/UIM card, and ensure the uniqueness and non-tamperability of information through encrypted communication between the dedicated encryption algorithm chip and the access platform.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. For example, the above-described system embodiments are merely illustrative, and for example, the division of the modules is only one logical division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In another aspect, the shown or discussed couplings or direct couplings or communication connections between each other may be through interfaces, indirect couplings or communication connections of devices or units, such as calls to external neural network units, and may be in a local, remote or mixed resource configuration form.
The devices described as separate may or may not be physically separate, and components appearing as devices may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing device, or each module may exist alone physically, or two or more modules are integrated into one processing device. The integrated module can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated module, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The pluggable intelligent financial auditing platform provided by the invention is described in detail, a specific example is applied in the description to explain the principle and the implementation mode of the invention, and the description of the embodiment is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (6)

1. A pluggable intelligent financial auditing platform comprises a business server and a business client of financial auditing application, and a safety interaction platform for establishing a safety channel for the business server and the business client; the business server side obtains financial auditing data from a secondary system and/or a tertiary system of the financial auditing application and makes a business response to a business request of the business client side on the secure channel; the service server is arranged on an information extranet of the power information network, the service client is arranged on the Internet, and the safety interaction platform is arranged on the edge of one side of the information extranet, which is communicated with the Internet;
the safety interaction platform is realized by a boundary safety access network, and the boundary safety access network is arranged at the edge of one side of the information extranet, which is communicated with the Internet; the first side of the boundary security access network is communicated with an information intranet through a data security exchange system, and the second side of the boundary security access network is communicated with the internet through a security interaction gateway; the safety interaction platform comprises the safety interaction gateway, and an identity authentication server, a centralized supervision server and a virtualization server which are arranged on the boundary safety access network; and the business server side of the financial auditing application is arranged on a virtualization server of the safety interaction platform.
2. The pluggable intelligent financial audit platform according to claim 1, wherein: real service data of the virtualization server of the secure interaction platform are exchanged only among the devices of the information intranet.
3. The pluggable intelligent financial audit platform according to claim 1, wherein: the service client only sends peripheral operation data to the service server, and the service server only sends multimedia response data to the service client.
4. The pluggable intelligent financial audit platform according to claim 1, wherein: the server side of the secondary system and/or the tertiary system of the financial auditing application is arranged on the virtualization server of the safety interaction platform.
5. The pluggable intelligent financial audit platform according to claim 1, wherein: the financial auditing data is accessed between the financial auditing application and the secondary system or the tertiary system thereof through a database agent isolation device.
6. The pluggable intelligent financial audit platform according to claim 1, wherein: the client of the secondary system and/or the tertiary system of the financial auditing application comprises edge computing equipment arranged on the Internet.
CN202110302315.1A 2021-03-22 2021-03-22 Can peg graft formula intelligence financial auditing platform Active CN113114632B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110302315.1A CN113114632B (en) 2021-03-22 2021-03-22 Can peg graft formula intelligence financial auditing platform


Publications (2)

Publication Number Publication Date
CN113114632A CN113114632A (en) 2021-07-13
CN113114632B true CN113114632B (en) 2022-09-06

Family

ID=76710317

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110302315.1A Active CN113114632B (en) 2021-03-22 2021-03-22 Can peg graft formula intelligence financial auditing platform

Country Status (1)

Country Link
CN (1) CN113114632B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113378131A (en) * 2021-06-30 2021-09-10 深圳竹云科技有限公司 User data authentication method, device and storage medium
CN114285686A (en) * 2021-11-24 2022-04-05 广东电网有限责任公司电力调度控制中心 Electric power internet of things equipment communication system and method
CN114979279B (en) * 2022-05-23 2023-11-17 河南北斗空间科技有限公司 Micro-service module scheduling method for data request
CN116382740B (en) * 2023-04-10 2023-11-14 广州锦高信息科技有限公司 Automatic upgrade release system and method for application software
CN117478427B (en) * 2023-12-26 2024-04-02 广东省能源集团贵州有限公司 Network security data processing method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110933176A (en) * 2019-12-05 2020-03-27 国家电网有限公司 Electric power internet of things management and service platform
CN112511618A (en) * 2020-11-25 2021-03-16 全球能源互联网研究院有限公司 Edge Internet of things agent protection method and power Internet of things dynamic security trusted system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104683332A (en) * 2015-02-10 2015-06-03 杭州优稳自动化系统有限公司 Security isolation gateway in industrial control network and security isolation method thereof
US10833940B2 (en) * 2015-03-09 2020-11-10 Vapor IO Inc. Autonomous distributed workload and infrastructure scheduling
CN106209801A (en) * 2016-06-28 2016-12-07 广东电网有限责任公司信息中心 Mobile solution platform and inner-external network data safety switching plane integrated system
CN111371737A (en) * 2019-08-19 2020-07-03 国网天津市电力公司 Internet of things security access system based on NB-IoT
CN111371830B (en) * 2019-11-26 2022-09-30 中国长峰机电技术研究设计院 Intelligent cooperative cloud architecture based on data driving under fusion scene of ten thousand networks
CN111970232A (en) * 2020-06-29 2020-11-20 国网江苏省电力有限公司营销服务中心 Safe access system of intelligent service robot of electric power business hall

Also Published As

Publication number Publication date
CN113114632A (en) 2021-07-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant